diff --git a/manifests/swh/deploy/webapp.pp b/manifests/swh/deploy/webapp.pp
index c16974a..0817519 100644
--- a/manifests/swh/deploy/webapp.pp
+++ b/manifests/swh/deploy/webapp.pp
@@ -1,173 +1,174 @@
 # WebApp deployment
 class profile::swh::deploy::webapp {
   $conf_directory = hiera('swh::deploy::webapp::conf_directory')
   $conf_file = hiera('swh::deploy::webapp::conf_file')
   $user = hiera('swh::deploy::webapp::user')
   $group = hiera('swh::deploy::webapp::group')
 
   $webapp_config = hiera('swh::deploy::webapp::config')
+  $conf_log_dir = hiera('swh::deploy::webapp::conf::log_dir')
 
   $uwsgi_listen_address = hiera('swh::deploy::webapp::uwsgi::listen')
   $uwsgi_protocol = hiera('swh::deploy::webapp::uwsgi::protocol')
   $uwsgi_workers = hiera('swh::deploy::webapp::uwsgi::workers')
   $uwsgi_max_requests = hiera('swh::deploy::webapp::uwsgi::max_requests')
   $uwsgi_max_requests_delta = hiera('swh::deploy::webapp::uwsgi::max_requests_delta')
   $uwsgi_reload_mercy = hiera('swh::deploy::webapp::uwsgi::reload_mercy')
 
   $swh_packages = ['python3-swh.web.ui']
   $static_dir = '/usr/lib/python3/dist-packages/swh/web/ui/static'
 
   $vhost_name = hiera('swh::deploy::webapp::vhost::name')
   $vhost_aliases = hiera('swh::deploy::webapp::vhost::aliases')
   $vhost_docroot = hiera('swh::deploy::webapp::vhost::docroot')
   $vhost_basic_auth_file = "${conf_directory}/http_auth"
   $vhost_basic_auth_content = hiera('swh::deploy::webapp::vhost::basic_auth_content')
   $vhost_ssl_protocol = hiera('swh::deploy::webapp::vhost::ssl_protocol')
   $vhost_ssl_honorcipherorder = hiera('swh::deploy::webapp::vhost::ssl_honorcipherorder')
   $vhost_ssl_cipher = hiera('swh::deploy::webapp::vhost::ssl_cipher')
 
   $open_endpoints = hiera_array('swh::deploy::webapp::open_endpoints')
 
   $endpoint_directories = $open_endpoints.map |$endpoint| {
     { path     => $endpoint,
       provider => 'location',
       allow    => 'from all',
       satisfy  => 'Any',
       headers  => ['add Access-Control-Allow-Origin "*"'],
     }
   }
 
   include ::uwsgi
 
   package {$swh_packages:
     ensure  => latest,
     require => Apt::Source['softwareheritage'],
     notify  => Service['uwsgi'],
   }
 
   file {$conf_directory:
     ensure => directory,
     owner  => 'root',
     group  => $group,
     mode   => '0755',
   }
 
   file {$conf_log_dir:
     ensure => directory,
     owner  => 'root',
     group  => $group,
     mode   => '0770',
   }
 
   file {$vhost_docroot:
     ensure => directory,
     owner  => 'root',
     group  => $group,
     mode   => '0755',
   }
 
   file {$conf_file:
     ensure  => present,
     owner   => 'root',
     group   => $group,
     mode    => '0640',
     content => inline_template('<%= @webapp_config.to_yaml %>'),
     notify  => Service['uwsgi'],
   }
 
   ::uwsgi::site {'swh-webapp':
     ensure   => enabled,
     settings => {
       plugin              => 'python3',
       protocol            => $uwsgi_protocol,
       socket              => $uwsgi_listen_address,
       workers             => $uwsgi_workers,
       max_requests        => $uwsgi_max_requests,
       max_requests_delta  => $uwsgi_max_requests_delta,
       worker_reload_mercy => $uwsgi_reload_mercy,
       reload_mercy        => $uwsgi_reload_mercy,
       uid                 => $user,
       gid                 => $user,
       umask               => '022',
       module              => 'swh.web.ui.main',
       callable            => 'run_from_webserver',
     }
   }
 
   include ::profile::ssl
   include ::profile::apache::common
   include ::apache::mod::proxy
   include ::apache::mod::headers
 
   ::apache::mod {'proxy_uwsgi':}
 
   ::apache::vhost {"${vhost_name}_non-ssl":
     servername      => $vhost_name,
     serveraliases   => $vhost_aliases,
     port            => '80',
     docroot         => $vhost_docroot,
     redirect_status => 'permanent',
     redirect_dest   => "https://${vhost_name}/",
   }
 
   $ssl_cert_name = 'star_softwareheritage_org'
   $ssl_cert = $::profile::ssl::certificate_paths[$ssl_cert_name]
   $ssl_ca   = $::profile::ssl::ca_paths[$ssl_cert_name]
   $ssl_key  = $::profile::ssl::private_key_paths[$ssl_cert_name]
 
   ::apache::vhost {"${vhost_name}_ssl":
     servername           => $vhost_name,
     serveraliases        => $vhost_aliases,
     port                 => '443',
     ssl                  => true,
     ssl_protocol         => $vhost_ssl_protocol,
     ssl_honorcipherorder => $vhost_ssl_honorcipherorder,
     ssl_cipher           => $vhost_ssl_cipher,
     ssl_cert             => $ssl_cert,
     ssl_ca               => $ssl_ca,
     ssl_key              => $ssl_key,
     docroot              => $vhost_docroot,
     proxy_pass           => [
       { path => '/static',
         url  => '!',
       },
       { path => '/favicon.ico',
         url  => '!',
       },
       { path => '/',
         url  => "uwsgi://${uwsgi_listen_address}/",
       },
     ],
     directories          => [
       { path           => '/',
         provider       => 'location',
         auth_type      => 'Basic',
         auth_name      => 'Software Heritage development',
         auth_user_file => $vhost_basic_auth_file,
         auth_require   => 'valid-user',
       },
       { path    => $static_dir,
         options => ['-Indexes'],
       },
     ] + $endpoint_directories,
     aliases              => [
       { alias => '/static',
         path  => $static_dir,
       },
     ],
     require              => [
       File[$vhost_basic_auth_file],
       File[$ssl_cert],
       File[$ssl_ca],
       File[$ssl_key],
     ],
   }
 
   file {$vhost_basic_auth_file:
     ensure  => present,
     owner   => 'root',
     group   => 'www-data',
     mode    => '0640',
     content => $vhost_basic_auth_content,
   }
 }